Failed to load class "org.slf4j.impl.StaticLoggerBinder" during sonar scan

SonarQube Server / Community Build Plugin Development
1

Used software:
SonarQube 2025.1 Developer
SonarScanner for Maven 5.0

Hi Community,
After upgrading to SonarQube 2025.1 LTA Developer from 9.9.8 LTA, we faced the following error messages during the sonar scan process with the maven plugin:

16:24:00.869  [INFO] js security sensor: Time spent was 00:00:00.001
16:24:00.869  [INFO] js security sensor: Begin: 2025-02-05T14:24:00.817651437Z, End: 2025-02-05T14:24:00.818856185Z, Duration: 00:00:00.001
16:24:00.869    Load type hierarchy and UCFGs: Begin: 2025-02-05T14:24:00.818234611Z, End: 2025-02-05T14:24:00.818593984Z, Duration: 00:00:00.000
16:24:00.869      Load type hierarchy: Begin: 2025-02-05T14:24:00.818265632Z, End: 2025-02-05T14:24:00.818423301Z, Duration: 00:00:00.000
16:24:00.869      Load UCFGs: Begin: 2025-02-05T14:24:00.818492249Z, End: 2025-02-05T14:24:00.818533009Z, Duration: 00:00:00.000
16:24:00.869  [INFO] js security sensor peak memory: 396 MB
16:24:00.869  [INFO] Sensor JsSecuritySensor [security] (done) | time=2ms
16:24:00.869  [INFO] ------------- Run sensors on project
16:24:00.869  [ERROR] [stderr] SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
16:24:00.869  [ERROR] [stderr] SLF4J: Defaulting to no-operation (NOP) logger implementation
16:24:00.869  [ERROR] [stderr] SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
16:24:01.129  [INFO] Sensor ArchitectureSensor [architecture]
16:24:01.389  [INFO] Sensor ArchitectureSensor [architecture] (done) | time=381ms
16:24:01.389  [INFO] Sensor Zero Coverage Sensor
16:24:01.389  [INFO] Sensor Zero Coverage Sensor (done) | time=1ms

It is not only annoying to have some “red marked messages” in the console output, but it impacts our CI system workflow as it detects ERROR lines from the output and fails our builds.

I’ve made an investigation, and looks like it some sensors use different SLF4J versions.
Could you please advise how we can solve it? (Maybe disable some sensors in SonarQube etc …)

Thank you for your advice!

4

upgrading to SonarQube 2025.1 LTA from 10.7

image
image1069×309 58.3 KB

5

Upgraded to 2025.1 LTA from 9.9.5 and we are now getting the same error. We have a Spring Boot project that has Java 17 (eclipse-temurin), NodeJS JavaScript, and TypeScript in multiple Gradle 8.7 subprojects. JaCoCo and Jest are being used for code coverage.

in addition to the SLF4J error above, also failing our pipeline, I also see:

Access to the multi-values/property set property 'sonar.javascript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
Access to the multi-values/property set property 'sonar.typescript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.

We are using the latest version of the SonarQube Gradle Plugin available as of yesterday.

This error appears to have been fixed, once before, in SonarQube due to an API being out of date. We are setting the values for these filetypes using a string in a Gradle Property. I suspect the API trying to parse that string needs to check split it into a string array on commas.

7

Hi,

The SLF issue is now under investigation, assigned to ticket: Jira.

The getStringArray issue may be from a different area or plugin. Will update on that when more information available.

Thanks for highlighting.

UPDATE: On getStringArray, this issue has already been recorded as a ticket against SonarJS: Jira. It is scheduled to be addressed in the next JS hardening sprint.